Deception in Depth Architecture

Console with Attack Visualization

New expanded visualization enables the security operations team to rapidly understand the activities of the attacker over time, from the originating intrusion to the assets they are engaging with, to the final containment.

Attacker ID

New attack identification automatically determines whether an attack is being conducted by a human attacker or by automated attack tools, giving security teams a better understanding of the attack and subsequent containment methods.

Enhanced Security Modules and Automated Provisioning

The AIR Module provides rapid automated forensic analysis of suspect endpoints, triggered by indicators of compromise (IOCs) identified by DeceptionGrid traps.

The CryptoTrap Module is designed specifically to deceive, contain, and mitigate ransomware early in the exploitation cycle, halting the attack while protecting valuable resources.

Automated Provisioning of Deception Components: DeceptionGrid scans your existing network and provisions hundreds to thousands of deception components, including Tokens (lures) and Traps (decoys).

Deception in Depth – Tier 1

Deception Tokens (lures) appear as ordinary files, scripts and databases, and are embedded within real IT assets to bait and divert attackers.

Active Traps

New active traps functionality creates a stream of false network traffic between deployed traps to confuse and divert attackers who monitor the network traffic.

Deception in Depth – Tier 2

Medium Interaction Emulated Traps

Our patented emulated traps can be deployed at the largest enterprise scale through automation. You can select from a wide variety of servers, databases, workstations, switches, routers and more.

Industry Templates

The patented medium interaction traps now include expanded templates for specialized devices based on industries. These templates include ATMs and SWIFT assets for financial services, Point of Sale (PoS) devices for retail, and devices for medical, manufacturing and many more, allowing customers to determine if attackers are targeting specialized devices that are often vulnerable to attack.